2 files changed, 17 insertions, 67 deletions

diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index 86a2b52aad38..fc839f9148ec 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -1709,22 +1709,22 @@ void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway)
 }
 
 /**
- * cipso_v4_socket_setattr - Add a CIPSO option to a socket
- * @sock: the socket
+ * cipso_v4_sock_setattr - Add a CIPSO option to a socket
+ * @sk: the socket
  * @doi_def: the CIPSO DOI to use
  * @secattr: the specific security attributes of the socket
  *
  * Description:
  * Set the CIPSO option on the given socket using the DOI definition and
  * security attributes passed to the function.  This function requires
- * exclusive access to @sock->sk, which means it either needs to be in the
- * process of being created or locked via lock_sock(sock->sk).  Returns zero on
- * success and negative values on failure.
+ * exclusive access to @sk, which means it either needs to be in the
+ * process of being created or locked.  Returns zero on success and negative
+ * values on failure.
  *
  */
-int cipso_v4_socket_setattr(const struct socket *sock,
-                            const struct cipso_v4_doi *doi_def,
-                            const struct netlbl_lsm_secattr *secattr)
+int cipso_v4_sock_setattr(struct sock *sk,
+                          const struct cipso_v4_doi *doi_def,
+                          const struct netlbl_lsm_secattr *secattr)
 {
         int ret_val = -EPERM;
         u32 iter;
@@ -1732,7 +1732,6 @@ int cipso_v4_socket_setattr(const struct socket *sock,
         u32 buf_len = 0;
         u32 opt_len;
         struct ip_options *opt = NULL;
-        struct sock *sk;
         struct inet_sock *sk_inet;
         struct inet_connection_sock *sk_conn;
 
@@ -1740,7 +1739,6 @@ int cipso_v4_socket_setattr(const struct socket *sock,
          * defined yet but it is not a problem as the only users of these
          * "lite" PF_INET sockets are functions which do an accept() call
          * afterwards so we will label the socket as part of the accept(). */
-        sk = sock->sk;
         if (sk == NULL)
                 return 0;
 
@@ -1892,29 +1890,6 @@ int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr)
 }
 
 /**
- * cipso_v4_socket_getattr - Get the security attributes from a socket
- * @sock: the socket
- * @secattr: the security attributes
- *
- * Description:
- * Query @sock to see if there is a CIPSO option attached to the socket and if
- * there is return the CIPSO security attributes in @secattr.  Returns zero on
- * success and negative values on failure.
- *
- */
-int cipso_v4_socket_getattr(const struct socket *sock,
-                            struct netlbl_lsm_secattr *secattr)
-{
-        int ret_val;
-
-        lock_sock(sock->sk);
-        ret_val = cipso_v4_sock_getattr(sock->sk, secattr);
-        release_sock(sock->sk);
-
-        return ret_val;
-}
-
-/**
  * cipso_v4_skbuff_getattr - Get the security attributes from the CIPSO option
  * @skb: the packet
  * @secattr: the security attributes
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index f2535e7f2869..b165712aaa70 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -246,19 +246,18 @@ int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap,
 
 /**
  * netlbl_socket_setattr - Label a socket using the correct protocol
- * @sock: the socket to label
+ * @sk: the socket to label
  * @secattr: the security attributes
  *
  * Description:
  * Attach the correct label to the given socket using the security attributes
- * specified in @secattr.  This function requires exclusive access to
- * @sock->sk, which means it either needs to be in the process of being
- * created or locked via lock_sock(sock->sk).  Returns zero on success,
- * negative values on failure.
+ * specified in @secattr.  This function requires exclusive access to @sk,
+ * which means it either needs to be in the process of being created or locked.
+ * Returns zero on success, negative values on failure.
  *
  */
-int netlbl_socket_setattr(const struct socket *sock,
-                          const struct netlbl_lsm_secattr *secattr)
+int netlbl_sock_setattr(struct sock *sk,
+                        const struct netlbl_lsm_secattr *secattr)
 {
         int ret_val = -ENOENT;
         struct netlbl_dom_map *dom_entry;
@@ -269,9 +268,9 @@ int netlbl_socket_setattr(const struct socket *sock,
                 goto socket_setattr_return;
         switch (dom_entry->type) {
         case NETLBL_NLTYPE_CIPSOV4:
-                ret_val = cipso_v4_socket_setattr(sock,
-                                                  dom_entry->type_def.cipsov4,
-                                                  secattr);
+                ret_val = cipso_v4_sock_setattr(sk,
+                                                dom_entry->type_def.cipsov4,
+                                                secattr);
                 break;
         case NETLBL_NLTYPE_UNLABELED:
                 ret_val = 0;
@@ -309,30 +308,6 @@ int netlbl_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr)
 }
 
 /**
- * netlbl_socket_getattr - Determine the security attributes of a socket
- * @sock: the socket
- * @secattr: the security attributes
- *
- * Description:
- * Examines the given socket to see any NetLabel style labeling has been
- * applied to the socket, if so it parses the socket label and returns the
- * security attributes in @secattr.  Returns zero on success, negative values
- * on failure.
- *
- */
-int netlbl_socket_getattr(const struct socket *sock,
-                          struct netlbl_lsm_secattr *secattr)
-{
-        int ret_val;
-
-        ret_val = cipso_v4_socket_getattr(sock, secattr);
-        if (ret_val == 0)
-                return 0;
-
-        return netlbl_unlabel_getattr(secattr);
-}
-
-/**
  * netlbl_skbuff_getattr - Determine the security attributes of a packet
  * @skb: the packet
  * @secattr: the security attributes